How to correctly generate a CSR for SSL

Generate a CSR for SSL/TLS

An SSL certificate can only be generated with a CSR. It contains all the information required for the certificate, such as the domain name and country code. CSR stands for Certificate Signing Request.

What is a CSR?

A CSR is a block of encrypted text you send to the Certificate Authority (CA) to generate an SSL or digital signing certificate. It is most commonly generated in PKCS #10 format.

What information does it contain?

Country Code – The 2 letter ISO code for the country your organization is based.
State/Province – The state or province your organization is based.
Town/City – The town or city your organization is based.
Company/Organisation – Your organization’s legally registered name.
Organisation unit/ Company Division – The organizational department dealing with the certificate. IT Department, Security Department etc.
Common Name – The Fully Qualified Domain Name you are securing.
Email Address – The email address to best contact your organization with.
Key Strength – The RSA Bit encryption strength the SSL certificate will be generated in. For instance, the industry standard RSA 2048 Bit encryption.
Digest Strength – The SHA algorithm strength the SSL certificate will be generated in. For instance, the industry standard SHA256.  

How To Generate A CSR

There are two main ways you can generate a CSR.

First of all, you can create a CSR using the CSR Generator on the Trustico® tools page. Check out my in-depth guide to Trustico’s SSL tools at the following link:

Similarly, you can (usually) create the CSR on the server itself. This is sometimes a requirement, depending on server type. You will need to consult your server manual or support service for how to do so as the process is different for each server type .

When entering information in the fields, ensure that all fields are filled. Trustico’s CSR generation tool will not allow you to generate without all fields filled. However, many servers will allow you to do so. We do not recommend this. These details are important for validating certain types of SSL certificate.

Also, when entering your organization name, ensure you enter its full name; exactly as registered with the government. You must include any legal classifiers such as ‘Pty Ltd’ or ‘Limited’.

Furthermore, a Private Key is always generated alongside the CSR for SSL certificate installation. Upon generation, save and store the Private Key in a secure directory where you will not lose it.

Finally, when using your CSR to place an order, make you copy the entire CSR into the ordering system, including ‘being certificate request’ and ‘end certificate request’ like in the example below:


How Useful Was This Post?

Let Us Know How We Are Doing - Click A Star To Rate This Post

Average Vote Rating 0 / 5. Vote Count : 0

No Votes So Far! Be The First To Rate This Post